add parsing ocsp request in get url

src/file_analysis/analyzer/ocsp/OCSP.cc

@@ -373,7 +373,7 @@ RecordVal *file_analysis::OCSP::ParseRequest(OCSP_REQVal *req_val)
 		{
 		len = -1;
 		len = GENERAL_NAME_to_cstr(buf, buf_len, (void *)(inf->requestorName));
-		if (len > 1)
+		if (len > 0)
 			ocsp_req_record->Assign(1, new StringVal(len, buf));
 		}
 	

src/file_analysis/analyzer/ocsp/functions.bif

@@ -9,7 +9,7 @@
 ##
 ## Returns: A OCSP::Response structure.
 ##
-## .. bro:see:: ssl_stapled_ocsp
+## .. bro:see:: ssl_stapled_ocsp  ocsp_parse_request
 function ocsp_parse_response%(ocsp_reply: string%): OCSP::Response
         %{
 	const unsigned char* start = ocsp_reply->Bytes();
@@ -34,3 +34,35 @@ function ocsp_parse_response%(ocsp_reply: string%): OCSP::Response
 	//Unref(resp_record);
 	return resp_record;
 	%}
+
+## Parses a OCSP request into an OCSP::Request structure.
+##
+## ocsp_req: OCSP data.
+##
+## Returns: A OCSP::Request structure.
+##
+## .. bro:see:: ssl_stapled_ocsp ocsp_parse_response
+function ocsp_parse_request%(ocsp_req: string%): OCSP::Request
+        %{
+	const unsigned char* start = ocsp_req->Bytes();
+	OCSP_REQUEST *req = NULL;
+	file_analysis::OCSP_REQVal* req_val = NULL;
+	RecordVal* req_record = NULL;
+	req = d2i_OCSP_REQUEST(NULL, &start, ocsp_req->Len());
+	if ( ! req )
+		{
+		reporter->Weird("OPENSSL Could not parse OCSP request");
+		return NULL;
+		}
+	req_val = new file_analysis::OCSP_REQVal(req);
+	req_record = file_analysis::OCSP::ParseRequest(req_val);
+	if (!req_record)
+		{
+		reporter->Weird("Internal fail to parse OCSP request");
+		Unref(req_val);
+		return NULL;
+		}
+	Unref(req_val);
+	//Unref(req_record);
+	return req_record;
+	%}